Got it
Huawei Enterprise Support Community
Community Forums Routing & Switching
NAPT on AR2204xe

NAPT on AR2204xe

Created: Jun 5, 2019 03:17:10Latest reply: Jun 11, 2019 02:31:51 2041 13 0 0 0
  Rewarded HiCoins: 2 (problem resolved)
View the author 1#

Hello,


I need some help for the configuration the NAPT in my router AR2204xe. I need translate IP's from one vlan to one public IP. In resume I need to do a NAPT with the case:

VLAN 11 (128.0.8.0/23) private net -> 266.13.59.2/28 public IP

is possible do this with the commands of the CLI ?


(This is the topology of the cluster)

003351yzzhwmw2589we920.png?net.png


Thanks !

NAPTNATAR2204xe

Like (0) Dislike (0) Favorite(0) Share Report
Previous: Q in q config support
Next: How to use iUpgrade tool for NE router upgrade.
All Answers
(0) (0)
11#
Juan_Tintor
Juan_Tintor Created Jun 8, 2019 16:32:47

Posted by chenhui at 2019-06-08 08:13 I'm really confused with the topology,the AR2204 connect to the private network, but configured wi ...
Hi !

the AR2204 connect to the private network, but configured with a public ip address
Yes, because, my ISP given my the public segment (146.83.95.0/28) for to configured in the router AR2204xe (that is at the same time connected to the router of the ISP) and this is the reasen because my default static route is the "0.0.0.0 0 10.10.95.1" and nont the route  "0.0.0.0 0 146.83.95.1" (10.10.95.0/30 is only a L3 link between the two routers). The router of the ISP only reconnaissance the segment 146.83.95.0/28, and not my private segments.

I'm not sure what the goal of configuring the 10GE1.4 with a public ip address.
The reason and the goal because I have the configured the public ip address in the subinterface 10GE1.4 is because the public segment (146.83.95.0/28) is not definend in the router of the ISP, and also, I used the other 13 IPs of this segment to configure some NICs of the servers for get access from out of my cluster (tthe NICs of he servers are connected to the switch S5720).

Cheers !
View more
  • x
  • convention:
(0) (0)
12#
uzzi
uzzi HCIE Created Jun 9, 2019 05:12:31

If you are able to ping Cisco side p2p IP then Cisco side also need to be configure with "ip nat isnide" on private interface and "ip nat outside" on global interface which is connected to ISP directly also one acl need to be define on cisco which can be "ip nat inside source"

If you do not have access to Cisco then break the password if it is your device and if not then please contact ISP accordingly as vice versa default route also need to be set on Cisco.

Also please configure one more address group (1) with public IP segment and where you used "nat outbound 2001 address-group 1"

It can be confugred like this 

"nat address-group 1 146.83.95.2 146.83.95.6"

by configuring above all these public IPs can be allocated dynamiclly to inside IP addresses, if you want to use some of them for your internal server then please reduce the size from 146.83.95.2 146.83.95.6 to whatever you like, I used on one customer only 2 and 3 and it is working fine.

Your WAN interface configuration should be like this.

interface XGigabitEthernet0/0/1.4
dot1q termination vid 30
ip address 146.83.95.1 255.255.255.240
nat outbound 2011 address-group 1
 

Thank you.

Kindest regards,
Uzair
View more
  • x
  • convention:
(0) (0)
13#
uzzi
uzzi HCIE Created Jun 9, 2019 05:28:52


One more thing, can you see anything from cisco router on Huawei router when checking "display ip routing-table" ?

As Huawei and Cisco segment is 10.10.95.0/30 so point your default route to 10.10.95.1 and then check, ideally it should work if cisco side is configured properly.

Thank you.

Kindest regards,
Uzair
View more
  • x
  • convention:
(0) (0)
14#
chenhui
chenhui Admin Created Jun 11, 2019 02:31:51

Posted by Juan_Tintor at 2019-06-08 16:32 Hi !the AR2204 connect to the private network, but configured with a public ip addressYes, because ...
hi,
so the topology is as the image below shows:
top

am I right?
View more

This article contains more resources

You need to log in to download or view. No account? Register

x
  • x
  • convention:
12
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.